HN Gopher Feed (2017-11-07) - page 1 of 10 ___________________________________________________________________
Show HN: Orange Forum - Web 1.0 style forum written in Go
99 points by deafcalculus
http://www.goodoldweb.com/___________________________________________________________________
baby - 3 hours ago
I'd recommend you to use Argon2 instead of bcrypt for storing
password. It has won the Password Hashing Competition last year and
is the recommended way to store passwords. Bcrypt is not bad but it
could be used with insecure parameters while Argon2 does not have
insecure parameters.The way you create cookies is also insecure,
you should be using crypto/rand instead of math/rand AND rather
hex.EncodeToString() the result instead of just generating random
numbers in the alphanumeric range.
tptacek - 2 hours ago
The math/random point is well taken.The hex.EncodeToString()
point is a nit. Generate 128 bits of randomness, and then encode
it however you'd like. The track record of people trying to get
"generate random numbers in the alphanumeric range" isn't great;
it's an opportunity to reintroduce bias. Start with a random
token of sufficient size, then encode.The Argon2 vs. bcrypt thing
is unhelpful. It does not matter what password hash you use, so
long as you use a hash designed for password storage (ie: not
"salted SHA-2"). Bcrypt is fine. I prefer scrypt, for the obvious
hardware tradeoff. I don't recommend Argon2 to people (or tell
people to stop using it) because of the library support
issues.But I think it's specifically a bad idea to tell people to
switch password hashes from bcrypt (or PBKDF2) to the trendy new
hash. The security benefit of "upgrading" from one password hash
to another is marginal.(Obviously, the benefit of switching from
"salted" hashes to real password hashes is not).
deafcalculus - 3 hours ago
Thanks! Will fix right away.
throw2016 - 2 hours ago
The old style forums are showing their age and need to be
modernized but not abandoned. See the Archlinux forums based on
Fluxbb. It's fast and effective.The newer ones led by Discourse,
Nodebb and Flarum have completely gone in another direction in
reinventing how discussion forums should be and perhaps gone too
far. They feel strangely 'rootless' and completely lack the
'community feel' of user forums.This looks promising for something
fast, lightweight and easy to deploy.
Aardwolf - 1 hours ago
So much whitespace in the demo. Real web 1.0 forums can fit way
more thread titles on screen ;)
czep - 38 minutes ago
> So much whitespace in the demo.This. If you want old school, go
with 10px Verdana, and pad sparingly. I want information, not
negative space dammit! With pine, my email editor in 1995, I
could read 40 subject lines on a 640x480 screen. With Gmail (in
compact mode) on an MBP retina, I get 36. Progress, indeed.
Designers 1, Users 0.
HumanDrivenDev - 10 minutes ago
The amount of padding in modern websites drives up the wall.
The idea that I bought a 24" monitor just so I can read text in
fullscreen is ridiculous.One trick I often use is to have the
window take half (or less) of the screen and spoof my browser
to be Chrome on Android Kit Kat. I just wish there was a change
to have a different browser spoofed per tab, or maybe a
"whitelist" of websites that are designed well enough that I
won't pretend I'm on a phone.
sturmen - 4 hours ago
I appreciate the philosophy. Is there a live demo so we can try it
out?edit: I turned on my brain and found the link was on the
homepage the whole time.
deafcalculus - 4 hours ago
Yes - https://groups.goodoldweb.com/
noughth - 4 hours ago
Yup, the site links to a hosted version here:
https://groups.goodoldweb.com/
bovermyer - 4 hours ago
That's a very concise privacy policy, heh.
always_good - 22 minutes ago
I built a forum from scratch once and it is a comical amount of
work.The initial CRUD weekend-ware is straight forward.
LIMIT/OFFSET for pagination. Throw in some Markdown support. Seems
easy enough.But the devil is in all the individual features that
make a forum usable. Like getting notified when someone @mentions
or replies to you, marking threads that you've posted in, tracking
the high watermark per user per thread so you can create a "go to
first unread post", implementing a decent search, making deep
pagination fast, a PM system, trying to generalize it.A serious
amount of breadth between weekend #1 and production if your users
want the feature set of Xenforo. The main positive I can say is
that my forum is cheap to host.
swlkr - 1 hours ago
I love this, this is how I've been writing my latest projects, with
very little js and it's been a huge productivity booster.
maxpert - 3 hours ago
Likes on bringing such a retro concept back; but seems like you
don't have any kind of spam control :D would be nice to have one.
jksmith - 3 hours ago
Hell yeah golang templates rock!
scrumper - 3 hours ago
The live demo is already full of trolling sigh. So yep, it's a
forum.Nice and fast though. Good work.
arunc - 3 hours ago
Interesting.. Looks sleek.. DLang forum [1] is similarly
lightweight and it runs as a newsgroup, IIRC. Source code at [2]
and previous discussions on HN [3][1] http://forum.dlang.org/[2]
https://github.com/CyberShadow/DFeed[3]
https://news.ycombinator.com/item?id=3592769
golangnews - 2 hours ago
See also https://golangnews.com - an HN inspired forum written in
Go and hosted on a $5 instance, holds up pretty well.
patates - 3 hours ago
Also is nim forum: https://forum.nim-lang.org/ (Source:
https://github.com/nim-lang/nimforum )
bligh____ - 3 hours ago
D is smart hipster tech not quite the Normie hipster tech go has
become, so dlang will not spread good in the Normie masses.
z3t4 - 3 hours ago
How can a few lines of text load so fast !? Are we so far into the
Obesity Crisis that people find this impressive ? :P
swlkr - 1 hours ago
Yes we are
nategri - 3 hours ago
Any support for images?
deafcalculus - 3 hours ago
Images are supported, but it's disabled in the live demo.
protomyth - 2 hours ago
Good plan for your own sanity. Is there a way to disable the
signup and just load users?
Eyas - 43 minutes ago
Looks like you'll need to start moderating this already, as of an
hour ago, at least.The process of setting up a public sandbox for
users to play with seems like it should be easy, but
abusive/obscene posts by users make a testing sandbox unusable/NSFW
very easily.
czep - 26 minutes ago
What are good strategies for combatting such abuse? Validate
email before posting, forbidden word lists, active site
moderators?
mseebach - 1 hours ago
Ok, sorry, bitter old man coming through: this is Web 2.0, not 1.0.
For all the buzzwords, Web 2.0 was defined by the dynamic
interactive solicitation of user input as opposed to Web 1.0 being
just static HTML. I don't think we've coined a good catchphrase for
fat applications implemented in tons of Javascript with only
lightweight AJAX calls to the backend.And then, of course, there's
Web 0.1: https://thedailywtf.com/articles/Web_0_0x2e_1
aaron-lebo - 1 hours ago
"Web 2.0" came around about 2004ish with Digg and other sites
using AJAX. Or at least static content was not the defining
factor. There were plenty of forums around in the late 90s with
dynamic content.
mseebach - 59 minutes ago
Wikipedia disagrees. https://en.m.wikipedia.org/wiki/Web_2.0
aaron-lebo - 53 minutes ago
Yeah I was looking at that too. The definition is kind of
nonsensical. Slashdot met that definition in 1997 but nobody
was calling it that at the time. Web 2.0 became a very
popular buzzword with Digg, Flickr etc. Or at least that's
how I remember it, the author is not "wrong" for referring to
it by a very popular definition.Also
see:http://www.paulgraham.com/web20.htmlI think everyone
would agree that democracy and Ajax are elements of "Web
2.0."
mseebach - 33 minutes ago
What's nonsensical about it? Slashdot was very avant-garde,
so fits well for a term coined in 1999. I agree that AJAX
represented somewhat of a technological watershed, but
wikis and blogs (which came of age pre-AJAX) represented a
social watershed, a much better anchor for the democracy
that PG seems to consider only from a technical
perspective.
aaron-lebo - 27 minutes ago
This is from the criticism section of your link, by a
Brit who would know better than most:Nobody really knows
what it means... If Web 2.0 for you is blogs and wikis,
then that is people to people. But that was what the Web
was supposed to be all along... Web 2.0, for some people,
it means moving some of the thinking [to the] client
side, so making it more immediate, but the idea of the
Web as interaction between people is really what the Web
is. That was what it was designed to be... a
collaborative space where people can interact.He's also
called it jargon. It's not a well-defined term (or at
least there are multiple definitions for it).
rhizome - 20 minutes ago
JS aside, this is an implementation almost to the level of the
forums at e.g. Discogs, which are pretty dang Web 1.0 featureless
.https://www.discogs.com/group/https://www.discogs.com/group/3
CM30 - 53 minutes ago
Nah, this is as 1.0 as you can get, assuming you're not asking
for completely unstyled text. Forum scripts with this sort of
simplicity were around for decades, with UBB being created in
1996 (and having significantly more features than this software),
and basic scripts like WWWBoard dating back to 1995 or earlier.It
was AJAX and processing data via JavaScript that was a web 2.0
thing (for the most part), not just submitting forms in general.
mseebach - 40 minutes ago
2.0 is not about a switchover date, it's functionality, or even
philosophy. Mid-90s forums would be understood as visionary
betas of Web 2.0 under this terminology. I concede that Orange
Forum is definitely very early 2.0, possibly even very late
1.0, but it it most definitely not "as 1.0 as you can get".
That would be static websites with at most a guest book and/or
email form.
[deleted]
binaryapparatus - 4 hours ago
Works beautifully with w3m which has become my main site test
lately. Another great example is HN itself.If it doesn't work well
with w3m something is wrong with the site philosophy or execution.
weberc2 - 1 hours ago
> If it doesn't work well with w3m something is wrong with the
site philosophy or execution.Point of clarification: "wrong"
according to your moral philosophy about web sites, even if it's
one I happen to share.
meehow - 1 minutes ago
I think you guys are awesome. Keep up good work. Battery, CPU and
RAM of my laptop are having the same feeling. Can I deploy it as
fcgi script on cheap shared Apache hosting?